What firewall should I use?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: What firewall should I use?
It's not needed if you're just browsing the interweb, downloading stuff and playing games on other people's servers but nftables has a very low resource overhead and it adds a layer of protection just in case ports and services are exposed by mistake.
I use the provided "workstation" ruleset, which is default-deny:
Code:
# apt install nftables
# cp /usr/share/doc/nftables/examples/workstation.nft /etc/nftables.conf
# systemctl enable --now nftables
Check with
Code:
# nft list ruleset
Edit /etc/nftables.conf if you need to allow for ssh, http or https servers; it has a commented-out line for that.
deadbang
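One way to automate the `nft list ruleset` check from the post above, as an added example that is not part of the original thread: it reads the JSON form (`nft -j list ruleset`) and reports whether each input-hook chain really ends in default-deny and which destination ports it accepts. The sample input is constructed, and the names `audit`, `rule` and `match` are hypothetical.

```python
import json

def rule(*expr):  # builds one rule entry for the constructed sample below
    return {"rule": {"family": "inet", "table": "filter", "chain": "input", "expr": list(expr)}}

def match(left, right, op="=="):
    return {"match": {"op": op, "left": left, "right": right}}

# Constructed sample in the shape of `nft -j list ruleset` output (not captured
# from a real host): loopback and established traffic accepted, three TCP
# service ports opened, everything else counted and dropped.
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "inet", "name": "filter"}},
    {"chain": {"family": "inet", "table": "filter", "name": "input",
               "type": "filter", "hook": "input", "prio": 0, "policy": "accept"}},
    rule(match({"meta": {"key": "iif"}}, "lo"), {"accept": None}),
    rule(match({"ct": {"key": "state"}}, ["established", "related"], "in"), {"accept": None}),
    rule(match({"payload": {"protocol": "tcp", "field": "dport"}}, {"set": [22, 80, 443]}),
         {"accept": None}),
    rule({"counter": {"packets": 0, "bytes": 0}}, {"drop": None}),
]})

PASSIVE = {"counter", "log"}  # statements that neither filter nor decide

def audit(ruleset_json):
    """Map each input-hook chain to its default-deny status and accepted dports."""
    items = json.loads(ruleset_json)["nftables"]
    report, decided = {}, set()
    for c in (i["chain"] for i in items if "chain" in i):
        if c.get("hook") == "input":
            key = (c["family"], c["table"], c["name"])
            report[key] = {"default_deny": c.get("policy") == "drop", "open_ports": []}
    for r in (i["rule"] for i in items if "rule" in i):
        key = (r["family"], r["table"], r["chain"])
        if key not in report or key in decided:
            continue  # not an input chain, or unreachable after a catch-all rule
        kinds = [next(iter(stmt)) for stmt in r["expr"]]
        verdict = next((k for k in kinds if k in ("accept", "drop", "reject")), None)
        if verdict and all(k in PASSIVE or k == verdict for k in kinds):
            # A rule with no match applies to every packet that reaches it.
            report[key]["default_deny"] = verdict != "accept"
            decided.add(key)
        elif verdict == "accept":
            for stmt in r["expr"]:
                m = stmt.get("match") or {}
                left, right = m.get("left"), m.get("right")
                if isinstance(left, dict) and left.get("payload", {}).get("field") == "dport":
                    ports = right.get("set", [right]) if isinstance(right, dict) else [right]
                    report[key]["open_ports"] += ports
    return report
```

On a live system the input would come from `nft -j list ruleset` run as root instead of `SAMPLE`.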
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: What firewall should I use?
Thanks HOAS. I made the change as per the link you provided. What a difference in the ruleset. Not that I really understand any of it.
I am not irrational, I'm just quantum probabilistic.
- Hallvor
- Global Moderator
- Posts: 2029
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 139 times
- Been thanked: 206 times
Re: What firewall should I use?
The default ruleset is fine. Here is a different option with chain base checks:
viewtopic.php?p=736536#p736536
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
- zarathustra-f90
- Posts: 35
- Joined: 2020-10-26 14:37
- Has thanked: 19 times
- Been thanked: 2 times
- Contact:
Re: What firewall should I use?
Just try the Uncomplicated Firewall (https://wiki.debian.org/Uncomplicated%2 ... 0%28ufw%29), easy to use, nothing more to tinker with after enabling it.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: What firewall should I use?
Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.
The less software is used, the less the chance of running into a bug or vulnerability.
deadbang
- zarathustra-f90
- Posts: 35
- Joined: 2020-10-26 14:37
- Has thanked: 19 times
- Been thanked: 2 times
- Contact:
Re: What firewall should I use?
Head_on_a_Stick wrote: ↑2022-06-12 10:07
> Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.
> The less software is used, the less the chance of running into a bug or vulnerability.
Haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall. For a user that wants an effective firewall without doing any tinkering or using command lines/config files, it seems suitable imho. Of course it's up to the user to choose and weigh the pros and cons.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: What firewall should I use?
zarathustra-f90 wrote: ↑2022-06-18 00:59
> Haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall
That you know of
deadbang